1. Field of the Invention
The present invention relates to a system for managing files having the functions of altering files and detecting the alteration of files, and more particularly to a file managing system for implementing the alteration prevention of files and detecting the alteration by storing authenticators indirectly created from files in an area inaccessible by the operator.
2. Description of the Related Art
As the computerization of official documents such as tax-related slips, etc. is promoted, a demand for keeping computerized data as evidence, safely and for a long time, in the same way as data is preserved on paper, has been increasing. The computerized documents can be very easily processed and reused, and can easily be added to, deleted from, corrected or transferred via a network, etc. For this reason, the computerized data involves a risk of being altered by a third party.
To solve this problem, the applicant has filed Japanese patent application No. 9-88485 ("File system and program storage medium" dated Apr. 7, 1997). This is a file system in which illegal alteration through low-level access by illegal users, or illegal and malicious alteration by authorized users, can be detected by linking the file management module in the OS (operating system) with a storage medium (secure medium) in which an area usually inaccessible to users (secure area) can be set, and by preserving authenticators for detecting the alteration of data files, the access logs of data files, etc. in the secure area in association with the data files.
However, in the above-mentioned conventional example, since access to a secure area by users is usually protected by a file system, in a system without such a file system, the secure area can be easily accessed, and as a result, authenticators, access logs, etc. related to data files can often be altered freely.
In addition, although the required size of the secure area varies because the sizes of access logs, etc. expand dynamically, it is usually difficult to modify the sizes of both the secure area and the normal area.
It is an object of the present invention to provide a system for managing files having alteration preventing/detecting functions for preventing a secure area from being easily accessed and preventing the authenticator and access log, etc. related to a data file from being freely altered, by means of reciprocal authentication obtained between a file system and a storing unit such as, for example, a unit of firmware.
It is another object of the present invention to provide a system for managing files having alteration preventing/detecting functions for dynamically modifying the size of both a secure area and a normal area by locating sub-files such as authenticators, access logs, etc. related to a data file being a main-file in the normal area, and locating only authenticators created from the sub-file in the secure area.
The system for managing files having alteration preventing/detecting functions of the present invention comprises a reciprocal authentication unit, an access allowing key storage unit, a file access unit, a main-file storage unit, a main-file reading unit, a sub-file storage unit, a sub-file reading unit, a system file storage unit, a system file reading unit, an authentication information creation unit, an authentication information comparison unit, an access allowing key group storage unit, an access allowing key identification unit and a secure area access unit.
In the first aspect of the present invention the reciprocal authentication unit creates an access allowing key. The access allowing key storage unit stores the access allowing key. The file access unit sends out an access request together with the access allowing key. The access allowing key group storage unit stores all the access allowing keys. The access allowing key identification unit identifies whether the access allowing key stored in the access allowing key storage unit and at least one access allowing key stored in the access allowing key group storage unit are the same. The secure area access unit accesses a secure area that is normally inaccessible.
In the second aspect of the present invention the sub-file storage unit stores files. The authentication information creation unit creates sub-file authentication information used to verify the sub-files. The system file storage unit stores the sub-file authentication information relating the information to the main-file as a system file.
In the third aspect of the present invention the main-file storage unit stores a main-file. The authentication information creation unit creates main-file authentication information to be used to verify the main-file. The sub-file storage unit stores the main-file authentication information relating the information to the main-file as one of sub-files.
In the fourth aspect of the present invention the main-file storage unit stores a main-file. The authentication information creation unit creates main-file authentication information to be used to verify the main-file. The sub-file storage unit stores the main-file authentication information relating the information to the main-file as one of sub-files. The sub-file storage unit stores one or a plurality of sub-files related to a main-file. The authentication information creation unit creates sub-file authentication information to be used to verify the sub-file. The system file storage unit stores the sub-file authentication information relating the information to the sub-file as a system file.
In the fifth aspect of the present invention the sub-file reading unit reads sub-files. The authentication information creation unit creates sub-file authentication information from sub-files read from the sub-file reading unit. The system file reading unit reads sub-file authentication information from a system file related to the sub-file. The authentication information comparison unit compares the sub-file authentication information created by the authentication information creation unit with the sub-file authentication information read by the system file reading unit.
In the sixth aspect of the present invention the main-file reading unit reads a main-file. The authentication information creation unit creates main-file authentication information from a main-file read from the main-file reading unit. The sub-file reading unit reads main-file authentication information from sub-files related to the main-file. The authentication information comparison unit compares the main-file authentication information created by the authentication information creation unit with the main-file authentication information read by the sub-file reading unit.
In the seventh aspect of the present invention the main-file reading unit reads a main-file. The sub-file reading unit reads one or a plurality of sub-files related to the main-file and the main-file authentication information from sub-files related to the main-file. The system file reading unit reads sub-file authentication information from a system file related to the sub-file. The authentication information creation unit creates main-file authentication information from a main-file read by the main-file reading unit, and creates sub-file authentication information from sub-files read by the sub-file reading unit. The authentication information comparison unit compares the main-file authentication information created by the authentication information creation unit with the main-file authentication information read by the sub-file reading unit, and compares the sub-file authentication information created by the authentication information creation unit with the sub-file authentication information read by the system file reading unit.
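The write path of the fourth aspect and the verification of the seventh aspect, sketched as an added example that is not part of the patent text. HMAC-SHA256 stands in for the authenticator algorithm, which this text does not name, and the `Store` class, the key, the file names and the JSON sub-file layout are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: the text names no authenticator algorithm; HMAC-SHA256 with a
# key held by the file system stands in for it. The key is constructed.
KEY = b"constructed-demo-key"

def authenticator(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

class Store:
    """Normal area (main-file, sub-file) plus secure area (system file)."""
    def __init__(self):
        self.normal = {}  # operator-accessible
        self.secure = {}  # reachable only through the file system

    def write(self, name: str, main: bytes, log: list) -> None:
        # Fourth aspect: the main-file authenticator is kept in a sub-file;
        # only the sub-file's authenticator goes into the secure area.
        sub = json.dumps({"main_auth": authenticator(main), "log": log}).encode()
        self.normal[name] = main
        self.normal[name + ".sub"] = sub
        self.secure[name] = authenticator(sub)

    def verify(self, name: str) -> str:
        # Seventh aspect: recompute both authenticators and compare each
        # with its stored copy, sub-file first (it vouches for the main-file).
        sub = self.normal[name + ".sub"]
        if not hmac.compare_digest(authenticator(sub), self.secure[name]):
            return "sub-file altered"
        stored = json.loads(sub)["main_auth"]
        main_ok = hmac.compare_digest(authenticator(self.normal[name]), stored)
        return "ok" if main_ok else "main-file altered"

def demo() -> list:
    s = Store()
    s.write("slip.txt", b"amount=100", ["created"])
    results = [s.verify("slip.txt")]
    # Main-file altered in the normal area, sub-file left untouched.
    s.normal["slip.txt"] = b"amount=999"
    results.append(s.verify("slip.txt"))
    # Sub-file replaced so that it matches the altered main-file: the
    # secure-area authenticator still exposes the change.
    forged = {"main_auth": authenticator(b"amount=999"), "log": ["created"]}
    s.normal["slip.txt.sub"] = json.dumps(forged).encode()
    results.append(s.verify("slip.txt"))
    return results
```

The secure-area entry stays one fixed-size digest however long the access log in the sub-file grows, which is the property the second object of the invention relies on.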